JP2005352616A - Method for registering biological information - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a method for registering, authenticating, and managing biological information, by which the biological information is easily and reliably authenticated, original information is hardly restored as a single body, and the validity of the biological information is confirmed; and to provide its system. <P>SOLUTION: Pattern numerical value data which indicate the feature of the inputted biological information are calculated, converted into two kinds of information based on a prescribed rule, and registered in respectively different storage media. Reverse conversion is performed in authenticating so as to combine the pattern numerical value data which are used for authentication. The prescribed rule is to calculate a permission range for keeping matching as the pattern numerical value data even when conversion is performed, to perform conversion within the range at a random method, etc., and to generate converted storage information and differential numerical value data with conversion procedure and content described therein. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a biometric information registration method, authentication method, and management method of a user, for example, a biometric information registration method, authentication method, management method, and system for performing identity verification via the Internet. .

  In recent years, needs for personal authentication using biometric information, such as identity verification at airports and financial institutions, and identification of individuals on information processing terminals and networks, are rapidly increasing. According to this, identity verification can be performed simply by presenting individual physical characteristics and behavioral characteristics, so there is no need for a certificate such as a conventional seal, reducing the risks of theft and counterfeiting, and user convenience. Can also improve.

  In the above-described system, biometric information for identifying a user is registered in a storage medium, and identity verification is performed by comparing information in the storage medium with information on a person to be authenticated at the time of authentication. There are two methods for managing the registered biometric information in the prior art: a server management type that performs centralized management by the center server, and a user management type that manages using a storage medium owned by the individual user. By encrypting, it is possible to prevent forgery and unauthorized reading of biometric information.

  However, in the server management type, biometric information of a plurality of persons is gathered in one place, so that management and outflow risk occur. Illegal reading and counterfeiting risks, such as rewriting to one's own biometric information and counterfeiting of personal characteristics. In addition, the reliability of the encryption methods used to protect the information in these storage media all depend on the time order (the time it takes to decrypt without using a key). It is difficult to continue to protect biometric information that cannot be changed for a long time.

JP 2000-11176 A

  In order to solve the above-described problem, in the above-mentioned patent document, (α) the biometric information measured is subjected to a conversion process determined in advance by given parameters to extract feature information. For example, feature extraction is performed on an image that has been subjected to inversion or expansion / contraction by image processing based on the inversion direction and expansion / contraction ratio given as parameters to the measured fingerprint image. Alternatively, (β) feature information is extracted from the measured biological information, a parameter is assigned to a predetermined function for the extracted feature information, and conversion processing is performed. For example, a parameter called the user's age is added to all the data items for the extracted feature information. Such a method is conceivable. In addition, (γ) user feature information at the time of authentication is also converted by the same method as (α) and (β), and authentication is performed by comparing the converted feature information.

  However, in the method of the above-mentioned patent document (α), it cannot be guaranteed that the same image can be taken because the data of the biological information to be measured depends on the measurement conditions such as the place where the finger is placed on the measuring instrument and how to place it. It is practically difficult to acquire the same feature data from the converted image data. In the method (β), a conversion function is determined in advance, and conversion is performed by giving a parameter to the conversion function. For the same reason as in the above (α), the converted feature data is not always the same feature pattern. In addition, there is no certainty that conventional collation means can be used for converted feature data, and correct results can be obtained by comparing the converted feature data as in (γ). There is no guarantee to be made. In addition, in the case of (β), the method of converting a function by giving a parameter to the function is the same as the conventional encryption technology. When the parameter calculation method and the function algorithm are analyzed, the risk of deciphering the original information is high. .

  The present invention has been made in view of such circumstances. It is possible to easily and reliably authenticate biometric information, to restore the original information alone, and to confirm the validity of the biometric information. An object is to provide a biometric information registration, authentication, management method and system.

  Another object of the present invention is to provide a system that is resistant to impersonation, forgery, and unauthorized reading when performing exchange of biometric information such as personal authentication on a network.

  Furthermore, another object of the present invention is to provide a system that makes it possible to directly manage biometric information that can directly specify personal information by a company without directly holding it from the viewpoint of the Personal Information Protection Law. There is.

  In order to achieve the above object, in the present invention, pattern numerical data indicating the characteristics of input biological information is calculated, converted into two pieces of information according to a predetermined rule, and registered in different storage media. At the time of authentication, the reverse conversion is performed, and the numerical pattern data is combined and used for authentication. Note that the predetermined rule is to calculate an allowable range that can maintain consistency as pattern numerical data even if conversion is performed, and to convert the stored information after conversion by a method such as random within this range. It is to generate differential numerical data describing the conversion procedure and contents.

  According to the present invention, since conventional biometric information feature data collation methods can be used for biometric information collation, biometric information can be easily and reliably authenticated, and a specific function is not used for conversion. It is not possible to use conventional cryptanalysis methods, such as deciphering with brute force, with the characteristics of the bit string of information as a restoration target, and storage information and difference information are always required to combine the original information. Validity can be confirmed.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  In the above method, the device for registering biometric information and the device for authentication may be the same or different devices. The storage medium for storing personal information may use an external device, but the difference numerical data and the storage data must be stored and managed in separate storage media. For example, a method of storing difference numerical data in a center server and registering stored data in a user IC card can be considered as an example. The biometric information handled in the present invention refers to physical features such as fingerprints, irises, and veins, and behavioral features such as handwriting and a movement route, and an individual is specified by using one or more of these.

  FIG. 1 is a configuration diagram of this system. The biometric information management server 1 has a biometric information management DB 61 and a user DB 62, has a function 50 for associating and managing user information and biometric information, a function data conversion function 53 necessary for biometric information authentication, and an authentication function. You can also have 52. In the biometric information management server 1, either the difference numerical data or the stored data is managed in the biometric information DB 61 together with the personal information, and the other data is stored in the biometric information 63 in the storage medium 6.

  The registration terminal 2 includes an apparatus 30 for inputting biological information including an image device such as a CCD camera, an audio device such as a microphone, a pressure sensitive device such as a pressure measuring element, a position information recognition device such as GPS, and the like, A writer 31 for registering data in a storage medium such as a contact IC card writer and a non-contact IC card writer, and a registration function 51 and a conversion function 53 necessary for performing registration processing in the biological information management server are provided. Further, it is assumed that the CPU 21 and the memory 22 are mounted in the processing apparatus.

  The authentication terminal 3 communicates data with a device 30 for inputting biometric information, a storage medium, and a biometric information management server, and has an authentication function 52 and a conversion function 53 necessary for authentication. Further, it is assumed that the CPU 21 and the memory 22 are mounted in the processing apparatus.

  The registration / authentication terminal 4 has the functions of the registration terminal 2 and the authentication terminal 3 as a single unit. The network 5 indicates the Internet or a company-specific dedicated network.

  The storage medium 6 stores difference data 63 or stored data 63 and is managed by an ID 64 corresponding to the biological information management server.

  The in-medium authentication 7 has a part or all of the functions of the registration terminal 2 and the authentication terminal 3 as a single unit, and also has the function of the storage medium 6.

  FIG. 2 shows an example of a flow in which a user performs biometric information registration processing. The numbers in this figure correspond to the numbers (102 to 111) referred to below. First, the registration system confirms the validity of the presented storage medium and reads the ID information assigned to the storage medium (102).

  Next, biometric information is input by the user through the registration terminal (103). Since the input information cannot be used for pattern extraction as it is, the previous stage such as image processing is performed in accordance with the pattern extraction algorithm (104). Examples of the image processing method performed here include a thinning process, a low-pass filter, and a high-pass filter.

  Based on the information obtained in the previous stage, pattern extraction is performed and pattern numerical data calculation is performed (105). Note that the pattern extraction method used here is not necessarily limited to a specific algorithm, but is characterized as an example. Examples include a point extraction method, a pattern matching method, a frequency analysis method, and the like. Data handled at this time is as shown in FIG. 6 (601 to 603). It should be noted that even if the pattern numerical data obtained here is biometric information of the same individual, for example, input conditions such as how to place a finger when collecting fingerprints, an input method such as photographing with a camera, and the above pattern extraction It is not necessarily the same depending on factors such as algorithms, but is characterized by different pattern numerical data.

  In the previous stage, for the obtained pattern numerical data, the allowable range calculation method obtained by giving the use authentication method ID and the biometric information input device ID to the table FIG. 9 (901) in the conversion program (53) in FIG. Use, analysis, and calculation of a permissible conversion range that can maintain consistency as biological information even if a change is made (106). Here, the conversion allowable range is a range in which consistency as biometric information can be maintained even if changes are made to the characteristic data of the target biological information, and storage converted using this allowable range. Data alone has consistency as biological information. Note that data handled at this time differs depending on the pattern extraction method, and is as shown in FIG. 5 (501 to 503). Further, the table FIG. 9 (901) does not have to be in the conversion program (53) in FIG. 1, but may be in at least the system constituting the present invention such as a server on the network.

  The pattern numerical data calculated in the previous stage is changed by a random or similar method to create storage data, and the added change history information is generated as difference numerical data (107). The data handled at this point is as shown in FIG. 8 (801 to 803) and FIG. 7 (701 to 703), respectively. As the generation method here, the pattern extraction method used in (105) is used.

  The storage data and difference numerical data obtained in the previous stage are registered in different storage media (108). Both data may be registered in either the storage medium 6 or the biometric information management server, but as an example, it is assumed that the stored data is transmitted to the storage medium 6 and the ID and difference value data are transmitted to the biometric information server. The storage medium 6 stores the transmitted storage data in the storage medium (109), the biometric information management server receives the transmitted ID and difference value data (110), and registers the associated difference value data in the ID. . The stored data and the difference numerical data are difficult to decrypt by itself, but as a double barrier, when stored in the storage medium, it is desirable that the stored data and the differential numerical data are encrypted by the encryption method of the prior art.

  3 and 4 show an example of a flow in which a user authenticates biometric information. The numbers in this figure correspond to the numbers (201 to 109) and (301 to 302) referred to below. Note that the order of the procedures (202 to 206) and (207 to 209) can be switched.

  First, the authenticity of the storage medium 6 presented by the authentication terminal 3 is confirmed, and ID information and stored data assigned to the storage medium are read (201). An ID is transmitted to the biometric information management server 1 to request transmission of difference data (202).

  The biometric information management server 1 searches for difference numerical data corresponding to the received ID (203), and transmits the difference numerical data to the authentication terminal 3 (204). The authentication terminal 3 receives the difference numerical data sent from the biometric information management server (205), and performs composite processing to the original pattern numerical data using the storage data read from the storage medium 6 and the difference numerical data (206). ). The composite algorithm used here is a composite system obtained by giving the use authentication system ID and the biometric information input device ID to the table in FIG. 9 (901).

  Next, biometric information is input by the user through the registration terminal (207). Since the input information cannot be extracted as it is, the previous stage such as image processing is performed in accordance with the pattern extraction algorithm (208). Based on the information obtained in the previous stage, pattern extraction is performed and pattern numerical data calculation is performed (209). Note that the pattern extraction method used here is not necessarily limited to a specific algorithm, but is characterized as an example. Examples include a point extraction method, a pattern matching method, and a frequency analysis method.

  Finally, the composite pattern numerical data combined in (206) and the acquired pattern numerical data acquired in (209) are compared (301), and the user's biometric information is equivalent to the registered information. (302).

  Note that the information communicated and stored in FIGS. 2, 3, and 4 is all encrypted by a conventional encryption method.

  While the present invention has been described with reference to the embodiments, it is needless to say that the present invention is not limited to the above-described embodiments, and various modifications and improvements can be made within the scope of the present invention.

FIG. Flow chart (1). Flow chart (2). Flow chart (3). Table example (1). Table example (2). Table example (3). Table example (4). Table example (5).

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Biometric information management server, 2 ... Registration terminal, 3 ... Authentication terminal, 4 ... Registration / authentication terminal, 5 ... Network, 6 ... Storage medium, 7 ... In-medium authentication.

Claims (1)

In a biometric information registration method for performing authentication using user characteristics, (a) biometric information including the user characteristics is input via an input device, and (b) the user Pattern numerical data indicating features is calculated, (c) an allowable range that can maintain consistency as pattern data even if the pattern numerical data is changed is determined, and (d) within the determined previous allowable range (E) calculating difference numerical data indicating the conversion contents from the pattern numerical data to the storage data, and (f) a storage medium in which the calculated difference numerical data and the storage data are different from each other. And (g) combining the pattern numerical data using the difference numerical data and the storage data, and registering the pattern numerical data of the authentication user. The biometric information is characterized by determining whether the registered biometric information and the biometric information of the authentication user are the same by collating with the data.

Images